Add "windows" to SAML AuthnContext type for Integrated Windows Authentication

[ogis-song]

Analysis

When OpenAM is running as SP, the value of AuthnContext in the AuthnStatement returned as SAML response from IdP should be able to be set to "windows" from the OpenAM Administrator UI. In the current implementation, "windows" is returned as the value of AuthnContext when integrated Windows authentication is used. The AuthnContext value can be set to "windows" by using ssoadm or rewriting the configuration data store with LDAP operations, but this cannot be done from the OpenAM Administrator UI.

Actual behavior

On the OpenAM Administrator UI, there is no "windows" in the "Authentication Context" values.

Solution

Add a new value "windows" for authentication context.

Expected behavior

"windows" is included in the "Authentication Context" value of the entity provider.

Testing

For new installations

• Build the modified source
• Deploy the built war file
• Launch Tomcat
• Initialize OpenAM
• If OpenAM is the hosted IdP
  • Create a hosted IdP
  • Federation -> [IdP's Entity Provider ID] -> Assertion Content -> Authentication Context
  • Make sure that the "Authentication Context" value of the entity provider has "windows"
• If OpenAM is the hosted SP
  • Create a hosted SP
  • Federation -> [SP's Entity Provider ID] -> Assertion Content -> Authentication Context
  • Make sure that the "Authentication Context" value of the entity provider has "windows"

For updates

• If OpenAM is the hosted IdP

  • [Realm Name] -> Configure SAMLv2 Providers -> Create hosted Identity Provider
  • Federation -> [IdP's Entity Provider ID] -> Assertion Content -> Authentication Context
  • Make sure that the "Authentication Context" value of the entity provider doesn't have "windows"
  • Stop Tomcat.
  • Back up the war file.
  • Replace the war file with the modified one.
  • Copy bootstrap.properties from the unupdated environment and paste it to the updated environment.
  • Launch Tomcat.
  • Configure OpenAM upgrade settings.
  • [Realm Name] -> Configure SAMLv2 Providers -> Create hosted Identity Provider
  • Federation -> [IdP's Entity Provider ID] -> Assertion Content -> Authentication Context
  • Make sure that the "Authentication Context" value of the entity provider has "windows"

• If OpenAM is the hosted SP

  • [Realm Name] -> Configure SAMLv2 Providers -> Create hosted Service Provider
  • Federation -> [SP's Entity Provider ID] -> Assertion Content -> Authentication Context
  • Make sure that the "Authentication Context" value of the entity provider doesn't have "windows"
  • Stop Tomcat.
  • Back up the war file.
  • Replace the war file with the modified one.
  • Copy bootstrap.properties from the unupdated environment and paste it to the updated environment.
  • Launch Tomcat.
  • Configure OpenAM upgrade settings.
  • [Realm Name] -> Configure SAMLv2 Providers -> Create hosted SP Provider
  • Federation -> [SP's Entity Provider ID] -> Assertion Content -> Authentication Context
  • Make sure that the "Authentication Context" value of the entity provider has "windows"